CVE-2015-4674 - Adrift Crown

Description

The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

Reference

http://seclists.org/fulldisclosure/2015/Jun/105 http://www.securityfocus.com/bid/75572 http://www.securityfocus.com/archive/1/535881/100/700/threaded